CVE-2020-0001 PoC — Android Framework 安全漏洞

Source

https://github.com/Zachinio/CVE-2020-0001

Associated Vulnerability

Title:Android Framework 安全漏洞 (CVE-2020-0001)
Description:In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304

Description

POC to run system component in an untrusted-app process

Readme


# CVE-2020-0001
POC to run system component in an untrusted-app process

# Blog
https://zachinio.com/blogs/cve-2020-0001

# How to use
Run the app, make sure the process "com.android.settings" does not exist, and click the "start service" button.
Launch the settings app or wait for a system component to launch it for you.

File Snapshot


 [4.0K]  /data/pocs/63116ed5394ca4f14334db6caad0bef5bc1b27eb
├── [4.0K]  CVE-2020-0001
│   ├── [4.0K]  app
│   │   ├── [1.0K]  build.gradle
│   │   ├── [ 750]  proguard-rules.pro
│   │   └── [4.0K]  src
│   │       └── [4.0K]  main
│   │           ├── [ 998]  AndroidManifest.xml
│   │           ├── [4.0K]  java
│   │           │   └── [4.0K]  zachinio
│   │           │       └── [4.0K]  cve
│   │           │           └── [4.0K]  example
│   │           │               ├── [1.2K]  IsolatedService.java
│   │           │               └── [1.2K]  MainActivity.java
│   │           └── [4.0K]  res
│   │               ├── [4.0K]  drawable
│   │               │   └── [5.5K]  ic_launcher_background.xml
│   │               ├── [4.0K]  drawable-v24
│   │               │   └── [1.7K]  ic_launcher_foreground.xml
│   │               ├── [4.0K]  layout
│   │               │   └── [ 805]  activity_main.xml
│   │               ├── [4.0K]  mipmap-anydpi-v26
│   │               │   ├── [ 272]  ic_launcher_round.xml
│   │               │   └── [ 272]  ic_launcher.xml
│   │               ├── [4.0K]  mipmap-hdpi
│   │               │   ├── [3.5K]  ic_launcher.png
│   │               │   └── [5.2K]  ic_launcher_round.png
│   │               ├── [4.0K]  mipmap-mdpi
│   │               │   ├── [2.6K]  ic_launcher.png
│   │               │   └── [3.3K]  ic_launcher_round.png
│   │               ├── [4.0K]  mipmap-xhdpi
│   │               │   ├── [4.8K]  ic_launcher.png
│   │               │   └── [7.3K]  ic_launcher_round.png
│   │               ├── [4.0K]  mipmap-xxhdpi
│   │               │   ├── [7.7K]  ic_launcher.png
│   │               │   └── [ 12K]  ic_launcher_round.png
│   │               ├── [4.0K]  mipmap-xxxhdpi
│   │               │   ├── [ 10K]  ic_launcher.png
│   │               │   └── [ 16K]  ic_launcher_round.png
│   │               ├── [4.0K]  values
│   │               │   ├── [ 378]  colors.xml
│   │               │   ├── [  75]  strings.xml
│   │               │   └── [ 835]  themes.xml
│   │               └── [4.0K]  values-night
│   │                   └── [ 835]  themes.xml
│   ├── [ 530]  build.gradle
│   ├── [4.0K]  gradle
│   │   └── [4.0K]  wrapper
│   │       ├── [ 53K]  gradle-wrapper.jar
│   │       └── [ 230]  gradle-wrapper.properties
│   ├── [1.1K]  gradle.properties
│   ├── [5.2K]  gradlew
│   ├── [2.2K]  gradlew.bat
│   └── [  50]  settings.gradle
├── [1.0K]  LICENSE
├── [ 328]  README.md
└── [2.2K]  script.js

22 directories, 34 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!